Side-channel attacks have proven many hardware implementations of cryptographic algorithms to be vulnerable. A recently proposed masking method, based on secret sharing and multi-party computation methods, introduces a set of sufficient requirements for implementations to be provably resistant against first-order DPA with minimal assumptions on the hardware. The original paper doesn’t describe how to construct the Boolean functions that are to be used in the implementation. In this paper, we derive the functions for all invertible 3 ×3, 4 ×4 S-boxes and the 6 ×4 DES S-boxes. Our methods and observations can also be used to accelerate the search for sharings of larger (e.g. 8 ×8) S-boxes. Finally, we investigate the cost of such protection.
|Name||Lecture Notes in Computer Science|
|Publisher||Springer Berlin Heidelberg|
|Workshop||Cryptographic Hardware and Embedded Systems, CHES 2012|
|Period||9/09/12 → 12/09/12|
|Other||9-12 September 2012|